Information according to sec. 5 TMG:
Version: December 2019
1. Basic information on data processing and legal bases
1.2 The used terms, such as „Personal data“ or „processing“, refer to the definitions in Article 4 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).
1.3 Users’ personal data processed in the context of this Website includes stock data (e.g. names and addresses of customers), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. the visited Websites, interest in our products) and content data (e.g. input on the contact form).
1.4 The term „User“ covers all categories of persons affected by the data processing. This includes our business partners, customers, interested parties and other visitors to our Website.
1.5 We process Users’ personal data in compliance with the relevant data protection regulations, only. Users‘ data will be processed if we have a legal permit. That is, especially if the data are (i) processed for the provision of our contractual services (e.g. processing of orders), (ii) required to provide our online services, (iii) required by law, (iv) in case of the User’s consent, or (v) in the case of our legitimate interests (for example to analyze, optimize and to raise the security of our Website within the meaning of Art. 6 (1) lit. f GDPR, in particular in the range measurement, creation of profiles for advertising and marketing purposes as well as the collection of access data and the use of third-party services).
1.6 The legal basis (i) of the consent is Art. 6 (1) lit. a and Art. 7 GDPR, (ii) to perform our services is Art. 6 (1) lit. b GDPR, (iii) to fulfill our legal obligations is Art. 6 (1) lit. c GDPR, and (iv) in order to safeguard our legitimate interests is Art. 6 (1) lit. f GDPR.
2. Security measures
2.1 We take organizational, contractual and technical security measures in accordance with the state of the art to ensure the provisions of the data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
2.2 The security measures include in particular the encrypted transmission of data between your browser and our server.
3. Disclosure of data to third parties and third party providers
3.1 We transfer the personal data to third parties within the scope of legal provisions, only. We transfer Users‘ data to third parties for example according to Art. 6 (1) lit. b GDPR for contractual purposes or based on our legitimate interests in accordance with Art. 6 (1) lit. f GDPR for economic and effective running of our business.
3.2 If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organizational measures to protect personal data in accordance with the applicable law.
4. Provision of contractual services
4.1 We process inventory data (e.g. names and addresses as well as contact information of Users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations in accordance with Art. 6 (1) lit. b GDPR.
4.2 We process usage data (e.g. the visited pages of our Website or interest in our products) and content data (e.g. entries in the contact form or user profile) for advertising purposes in a user profile to inform the User e.g. to advertise products based on his previously used services.
5.1 When contacting us (via contact form or e-mail) the information provided by the User is processed to answer the contact request according to Art. 6 (1) lit. b GDPR.
5.2 This user information can be stored in our Customer Relationship Management System („CRM System“) or similar request organization.
6. Collection of access data and logfiles
6.1 Based on our legitimate interests within the meaning of Art. 6 (1) lit. f GDPR we collect personal data on every access to our Website (so-called “Server Log Files”). The Server Log Files include the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the User’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
6.2 Server Log File information is stored for security purposes (for example, to investigate abusive or fraudulent activities) for a maximum of 7 days before we delete the Server Log Files. Data whose further retention is required for evidential purposes shall be exempted from the cancellation until the final clarification of the incident.
7. Cookies & Range Measurement
7.1 Cookies are information transferred from our web server or third-party web servers to Users‘ web browsers and stored there for later retrieval. Cookies are small text files.
7.2 We use „Session Cookies“ that are stored for the duration of the current visit to our Website (for example, to enable the storage of your login status or the shopping cart function and thus the use of our Website at all). A randomly generated unique identification number is stored in a Session Cookie, a so-called “Session ID”. In addition, a cookie contains information about its origin and the retention period. These Session Cookies cannot save any other data. Session cookies will be deleted if you have finished using our Website and you have e.g. logged out from our Website or closed the browser window which showed our Website.
7.3 If a User does not want to get cookies stored on his device, he will be asked to disable the option in his browser’s system settings. Cookies can be deleted in the system settings of your browser. The exclusion of cookies can lead to functional restrictions of our Website.
8. Rights of data subjects
If User’s personal data is processed, the User have the following rights:
8.1 Right of access by the data subject
You may ask us to confirm if we process your personal data. If we process such personal data, you can request the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the expected duration of storage of your personal data or; if specific information is not available, criteria for determining the retention period;
(5) the right of rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You have the right to request information about whether the personal data relating to you are transferred to a third country or an international organization. In this regard, you can request the appropriate warranties in accordance with Art. 46 GDPR.
8.2 Right to rectification
You have a right to rectification and/or completion to the Controller, if the processed personal data is incorrect or incomplete. The controller rectify the inaccurate personal data without undue delay.
8.3 Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal data for a period of time that enables the Controller to verify the accuracy of your personal data;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, but you may need the data for the purposes of asserting,
exercising or defending legal claims; or
(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of your personal data has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.
If the processing of data according to the requirements obove is restricted, you will be informed by the Controller before the restriction is lifted.
8.4 Right to erasure
b) Duty of erasure
You may require the Controller to delete your personal data without any delay, and the Controller is required to delete the data immediately if one of the following reasons applies:
(1) your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent acc. to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
(3) according to Art. 21 para. 1 DSGVO you object to the processing of data and there are no prior justifiable reasons for the processing, or you object acc. Art. 21 para. 2 DSGVO the further processing.
(4) your personal data have been processed unlawfully.
(5) the deletion of the personal data shall be required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) the your personal data were collected in relation to information society services offered pursuant to Article 8 (1) of the GDPR.
c) Information to third parties If the Controller has made your personal data public and is responsible for the deletion in acc. with. Article 17 (1) GDPR, the Controller shall take appropriate measures, including technical, to inform other data controllers who process the personal data that you have been identified as being affected, taking into account available technology and implementation costs.
The right to erasure does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation which requires the processing under Union or Member
State law to which the controller is subject or for the performance of any public task, interest or in the exercise of official authority conferring on the controller has been;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
(4) for archival purposes of public interest, for scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.
8.5 Notification obligation regarding rectification or erasure of personal data or restriction of processing
If you have the right of rectification, erasure or restriction of the processing to the Controller, he/she is obliged to notify all recipients to whom the personal data concerning you have been corrected or deleted or processing restricted, unless: this proves to be impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
8.6 Right to data portability
You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another person without hindrance by the Controller for providing the personal data, provided that
(1) the processing is based on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a DSGVO or on a contract acc. Art. 6 para. 1 lit. b GDPR and
(2) the processing is done by automated machines.
In exercising this right, you also have the right to obtain that your personal data relating are transmitted directly from one controller to another, as far as this is technically feasible. Freedoms and rights of other persons may not be affected. The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.
8.7 Right to object
You have the right at any time, for reasons that arise from your particular situation, to prevent the processing of your personal data, which, pursuant to Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to opt-out by means of automated procedures that use technical specifications.
8.8 Right to revoke your consent
You have the right to revoke your privacy consent at any time. The revocation does not affect the legality of the processing carried out on the basis of the consent until the revocation.
8.9 Automated decision on a case-by-case basis, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the Controller,
(2) is permitted by the European Union or a Member State legislation to which the Controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
(3) with your consent.
However, these decisions may not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g and reasonable measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the Controller, to express his/her own position and heard on challenge of the decision.
8.10 Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in your Member State of residence, place of work or place of alleged infringement, if you believe that the processing of your personal data violates the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
9. Right to erasure
9.1 The stored data will be deleted as soon as they are no longer necessary for their intended purpose and the deletion does not conflict with any statutory storage requirements. Unless the users‘ data are deleted because they are required for other and legally permitted purposes, their processing will be restricted. This applies, for example, to data of users who must be kept for commercial or tax reasons.
9.2 According to § 257 Abs. 1 HGB we need to store some personal data for 6 years (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) as well as for 10 years according to § 147 Abs. 1 AO (books, records, management reports, Accounting documents, commercial and business letters, documents relevant for taxation, etc.).
10. Right to revoke your consent
Users may object their consent to the processing of personal data in accordance with legal requirements at any time. The objection may in particular be made against processing for direct marketing purposes.